Network Compromise Assessment (NCA)


An NCA engagement is essentially a temporary deployment of the TADS service. It consists of installing portable versions of the TADS equipment on a Client’s site in a position where the equipment can capture network traffic: most commonly ingress and egress traffic, although under certain circumstances it may be appropriate to monitor inter-network traffic.

Once the equipment is installed, one or more consultants will remain onsite to analyse the Client’s network traffic in as near to real time as possible. This process begins with a baseline analysis phase designed to filter out legitimate business traffic, so that the analysis can concentrate on the traffic that is more likely to contain suspicious data. When a consultant observes network traffic that includes an indicator of compromise (IoC), the consultant will work with the Client’s IT staff to investigate further and track down the source of the suspicious traffic.

Once the source of the suspicious network traffic (usually an infected host) has been identified, the onsite consultants will liaise with the Client to recommend short-term mitigation strategies. Long-term mitigation strategies are provided in the final report, which is normally produced offsite at the end of the engagement. The consultants will also detail further investigation options for which Context can be engaged as supplemental tasks (for example host-based forensic investigations, malware reverse engineering, or log analysis).
